ID

VAR-201911-0584


CVE

CVE-2019-15468


TITLE

Vulnerability related to externally controllable references to resources in another sphere on Xiaomi Mi A2 Lite Android devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012141

DESCRIPTION

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. The Xiaomi Mi A2 Lite Android device is vulnerable to an externally controllable reference to a resource in another sphere. Information may be tampered with. The Xiaomi Mi A2 Lite is a smartphone from the Chinese company Xiaomi Technology. An attacker could exploit the vulnerability to modify the wireless settings.

Trust: 2.16

sources: NVD: CVE-2019-15468 // JVNDB: JVNDB-2019-012141 // CNVD: CNVD-2019-41689

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41689

AFFECTED PRODUCTS

vendor: mi, model: a2 lite, scope: eq, version: -

Trust: 2.2

vendor: xiaomi, model: mi a2 lite, scope: -, version: -

Trust: 0.8

vendor: xiaomi, model: a2 lite ql1715 201812071953, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41689 // JVNDB: JVNDB-2019-012141 // CNNVD: CNNVD-201911-974 // NVD: CVE-2019-15468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15468
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15468
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41689
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-974
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15468
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41689
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15468
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15468
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41689 // JVNDB: JVNDB-2019-012141 // CNNVD: CNNVD-201911-974 // NVD: CVE-2019-15468

PROBLEMTYPE DATA

problemtype: CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012141 // NVD: CVE-2019-15468

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-974

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-974

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012141

PATCH

title: Mi A2 Lite, url: https://www.mi.com/global/mi-a2-lite

Trust: 0.8

sources: JVNDB: JVNDB-2019-012141

EXTERNAL IDS

db: NVD, id: CVE-2019-15468

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012141

Trust: 0.8

db: CNVD, id: CNVD-2019-41689

Trust: 0.6

db: CNNVD, id: CNNVD-201911-974

Trust: 0.6

sources: CNVD: CNVD-2019-41689 // JVNDB: JVNDB-2019-012141 // CNNVD: CNNVD-201911-974 // NVD: CVE-2019-15468

REFERENCES

url: https://www.kryptowire.com/android-firmware-2019/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-15468

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15468

Trust: 0.8

sources: CNVD: CNVD-2019-41689 // JVNDB: JVNDB-2019-012141 // CNNVD: CNNVD-201911-974 // NVD: CVE-2019-15468

SOURCES

db: CNVD, id: CNVD-2019-41689
db: JVNDB, id: JVNDB-2019-012141
db: CNNVD, id: CNNVD-201911-974
db: NVD, id: CVE-2019-15468

LAST UPDATE DATE

2024-11-23T21:36:32.251000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41689, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012141, date: 2019-11-26T00:00:00
db: CNNVD, id: CNNVD-201911-974, date: 2019-11-21T00:00:00
db: NVD, id: CVE-2019-15468, date: 2024-11-21T04:28:48.283

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-41689, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012141, date: 2019-11-26T00:00:00
db: CNNVD, id: CNNVD-201911-974, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-15468, date: 2019-11-14T17:15:24.257